Re: [arch-d] Treating "private" address ranges specially

Erik Kline <ek.ietf@gmail.com> Wed, 31 March 2021 07:08 UTC

References: <4329d51a-d5ba-45b3-9fb0-6795dc6fccd3@www.fastmail.com> <CAMGpriWA4B8AThNKBOHo-bfAdQ2s5iYv8rBOB7X8UVc5GsqENA@mail.gmail.com> <CAMGpriUJkWYPyw7=oAj_GnGu2J14T3=VZYNWPZtAs870P=x0sg@mail.gmail.com> <a68636c2-5df0-46eb-8147-79ec6a992f8a@www.fastmail.com>
In-Reply-To: <a68636c2-5df0-46eb-8147-79ec6a992f8a@www.fastmail.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Wed, 31 Mar 2021 00:07:43 -0700
Message-ID: <CAMGpriU_L8HbLFX_mMBtBXxy=XOc5BAnYgVR9R8TQO=DPvRD_g@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: architecture-discuss@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/jCvNc8z3wDYZ2zpuvWTgBi0ggEo>
Subject: Re: [arch-d] Treating "private" address ranges specially

On Tue, Mar 30, 2021 at 11:21 PM Martin Thomson <mt@lowentropy.net> wrote:

> On Wed, Mar 31, 2021, at 17:17, Erik Kline wrote:
> > My mistake.  I think the key text I didn't properly absorb was "the
> > current url's host".
>
> :) Yes, though if you have name resolution that produces a ULA (which
> might happen in mDNS), then you would be contacting a "private" address.
>

I will say that this approach would seem to functionally treat all private
spaces as equivalent.  It's fairly easy to think of there being,
essentially, _one_ public sphere, but I think in practice there can be many
different private spaces.  I'm not sure how well that will play out [1],
but maybe it's no worse than today.

[1] I'm imagining a client w/ a private address and VPNs to two different
organizations using two different private spaces.  Now a web page from
ORG1's private address space can cause the client to issue queries to
ORG2's privately addressed resources.